[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CAN-2004-0488

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: CAN-2004-0488
From: Anthony Roberts <obsd-misc-aroberts_(_at_)_shaw_(_dot_)_ca>
Date: Sat, 12 Jun 2004 19:58:21 -0600

"Stack-based buffer overflow in the 
ssl_util_uuencode_binary function in ssl_util.c for 
Apache mod_ssl, when mod_ssl is configured to trust 
the issuing CA, may allow remote attackers to execute 
arbitrary code via a client certificate with a long 
subject DN."

Do ProPolice or W^X impact this?

One assumes that if the buffer in question is on the stack ProPolice will catch it...

Follow-Ups:
- Re: CAN-2004-0488
  - From: Hannah Schroeter

Prev by Date: Re: HTTP://www.netbsd.org problem on OBSD-current
Next by Date: php and mysql in chrooted apache
Previous by thread: Re: POSIX standard
Next by thread: Re: CAN-2004-0488
Index(es):
- Date
- Thread

Visit your host, monkey.org